
Comments (6)

shajithomas32 commented on July 23, 2024

#35, can you apply this pull request if you are OK with it, or fix it like you wanted?

from highlight-words.

shajithomas32 commented on July 23, 2024

Sir, can you please look at the PR I created?


tricinel commented on July 23, 2024

Hi @shajithomas32! Thanks for taking a look at this. I don't really see the security issue though. The Math.random call is just to generate an ID with no overhead. It's not meant to be secure or unpredictable - just unique enough in most situations.

I'd say...if this is the only security problem with your app, then you're doing better than 99% of the apps out there. Congrats!

For us, the overhead of using crypto isn't worth it.

Seeing how you've PRed already, it means you can already use your code in your app if you so choose. To do this, you can make use of npm overrides, as documented here.

Essentially, do this:

{
  "overrides": {
    "highlight-words": "git://github.com/shajithomas32/highlight-words.git"
  }
}

So no matter what your dependencies use, you'll pull in your code.


shajithomas32 commented on July 23, 2024


tricinel commented on July 23, 2024

Yes, that's what overrides does.


shajithomas32 commented on July 23, 2024

Thanks for your workaround solution suggestion. But you can consider this request in future because it helps us with the scan paperwork. We got this scan result from a Fortify scan. Highly recommend doing scans, because companies are strict with scan results even though scan results don't make sense in this case.

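Added example, not part of the thread and not highlight-words code: the Math.random ID pattern the scan flags, next to a same-shape ID drawn from the platform CSPRNG. The names `mathRandomId`, `csprngId` and `countCollisions` are hypothetical, and the base36 ID format is an assumption about what such a helper returns.

```javascript
// Hypothetical helpers for illustration; not taken from highlight-words.
// Web Crypto is global in browsers and current Node; fall back for older Node (assumption).
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

const ALPHABET = '0123456789abcdefghijklmnopqrstuvwxyz'; // base36 characters

// The pattern a static scanner reports as insecure randomness: adequate for
// uniqueness, but the values come from a non-cryptographic PRNG.
function mathRandomId(length = 9) {
  let id = '';
  while (id.length < length) id += Math.random().toString(36).slice(2);
  return id.slice(0, length);
}

// Same output shape from the CSPRNG. Rejection sampling drops bytes >= 252
// (the largest multiple of 36 that fits in a byte) so every character is
// equally likely; a plain `byte % 36` would favour the first four characters.
function csprngId(length = 9) {
  const limit = 256 - (256 % ALPHABET.length); // 252
  const buf = new Uint8Array(length * 2);
  let id = '';
  while (id.length < length) {
    webcrypto.getRandomValues(buf);
    for (const byte of buf) {
      if (byte < limit) {
        id += ALPHABET[byte % ALPHABET.length];
        if (id.length === length) break;
      }
    }
  }
  return id;
}

// Count duplicates among n generated IDs, to compare "unique enough" in practice.
function countCollisions(makeId, n) {
  const seen = new Set();
  let dupes = 0;
  for (let i = 0; i < n; i++) {
    const id = makeId();
    if (seen.has(id)) dupes++;
    else seen.add(id);
  }
  return dupes;
}
```
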
